package com.cxp.serverdemo.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.stereotype.Component;

/**
 * 对象后处理器：
 * 创建默认的FilterSecurityInterceptor的时候把我们的accessDecisionManager和securityMetadataSource设置进去
 * 至于authenticationManager因为已经声明了authenticationProvider并设置了userDetailService，所以这里可以省去
 */
//@Component
public class CustomObjectPostProcessor implements ObjectPostProcessor<FilterSecurityInterceptor> {
    @Autowired
    CustomMetadataSource metadataSource;
    @Autowired
    CustomAccessDecisionManager customAccessDecisionManager;

@Override
public <O extends FilterSecurityInterceptor> O postProcess(O o) {
        o.setSecurityMetadataSource(metadataSource);
        o.setAccessDecisionManager(customAccessDecisionManager);
        return o;
        }
}
